1. Field of Invention
The present invention relates generally to virus protection systems. More particularly, the present invention relates to a virus incidence predictor that enables the susceptibility of an organization to new viruses to be assessed.
2. Description of the Related Art
As the use of networked computing systems increases, the risk of propagating viruses through networks also increases. While some viruses cause relatively minor problems within a computing system, many viruses may cause serious and even irreparable harm. As new viruses are being announced and identified daily, preparing computing systems to combat the viruses and to neutralize the effect of the viruses is essential in maintaining the integrity of the network.
Drivers and/or dats which provide software that may prevent an infection or combat an existing infection are generally created to operate with anti-virus software on a system to neutralize the effect of a virus on the system. Typically, drivers and/or dats are created to effectively combat certain viruses. That is, once a virus is announced, drivers and/or dats which are intended to serve as fixes or patches for the virus are developed. Once developed, the drivers and/or dats may then be provided to anti-virus software on a system to neutralize the effect of the virus on the system.
FIG. 1a is a process flow diagram which illustrates the steps associated with a method of combating viruses. A process 100 begins at step 102 in which a system, e.g., a computing system, operates. During the operation of the system, a determination is made in step 104 as to whether a virus has been detected within the system. In other words, it is determined if a virus has breached the security of the system. If it is determined that a virus is detected within the system, then drivers and/or dats are downloaded and applied from an anti-virus website in steps 106 and 108. If it is determined that a virus is not detected within the system, then a determination is made in step 110 as to whether a specified time length has elapsed. The specified time length is a duration of time which passes before drivers and/or dats on the system are updated, e.g., by downloading current drivers and/or dats onto the system.
If it is determined that the specified time length has not elapsed, then the system continues to operate at step 102. Alternatively, if it is determined that the specified time length has elapsed, then drivers and/or dats are downloaded and applied from an anti-virus website in steps 112 and 114. Typically, all new and updated drivers and/or dats are downloaded. Once the drivers and/or dats are downloaded, the downloaded drivers and/or dats are applied, e.g., by anti-virus software that is local to the system, and the system continues to operate at step 102.
Returning to step 104 and the determination of whether a virus is detected within the system, if it is determined that no virus has been detected within the system, process flow proceeds to step 110 in which it is determined whether a specified time length has elapsed. That is, since drivers and/or dats are periodically downloaded onto the system, it is determined in step 110 whether it is time for another download to occur.
As shown in FIG. 1b, local anti-virus or anti-viral software 130 which is suitable for downloading and applying drivers and/or dats is often included in a system 134. Local anti-viral software 130 accesses drivers and/or dats 138 which are external to system 134 to download drivers and/or dats 138. As discussed above, drivers and/or dats 138 may be downloaded periodically by local anti-viral software 130. Alternatively, drivers and/or dats 138 may be downloaded when a virus is detected within system 134.
In order to prevent viruses from penetrating a system, a network administrator may choose to download drivers and/or dats relatively often. Such downloading may be performed by reducing the time intervals between consecutive scheduled downloads to enable downloads to be performed more often. By downloading drivers and/or dats more often, the likelihood that a new virus may affect the system before an appropriate driver and/or dat is obtained may be reduced. However, frequently downloading substantially all new or updated drivers and/or dats, and implementing the new or updated drivers and/or dats, may be inefficient.
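The trade-off described above can be made concrete by stepping through the FIG. 1a flow hour by hour for different download intervals. The following is an added illustration, not part of the original disclosure; the threat names, release hours, and arrival hours are constructed sample data, and it assumes that any download performed at or after a dat's release hour protects the system against the corresponding virus.

```python
from typing import NamedTuple

class Threat(NamedTuple):
    name: str
    dat_release: int   # hour at which the matching dat becomes available
    arrival: int       # hour at which the virus reaches the system

# Constructed sample data covering one week (168 hours).
THREATS = [Threat("A", 10, 30), Threat("B", 50, 52), Threat("C", 100, 160)]

def simulate(threats, interval, horizon):
    """Walk the FIG. 1a loop once per hour.

    Returns (number_of_downloads, names_of_viruses_that_infected_the_system).
    """
    if interval <= 0:
        raise ValueError("interval must be a positive number of hours")
    arrivals = {t.arrival: t for t in threats}
    last_download = 0          # hour of the most recent download and apply
    downloads = 0
    infections = []
    for hour in range(1, horizon + 1):              # step 102: system operates
        t = arrivals.get(hour)
        if t is not None and last_download < t.dat_release:
            # step 104: the virus got in because the dat was not yet applied
            infections.append(t.name)
            last_download = hour                    # steps 106 and 108
            downloads += 1
        elif hour - last_download >= interval:      # step 110: time elapsed?
            last_download = hour                    # steps 112 and 114
            downloads += 1
    return downloads, infections

if __name__ == "__main__":
    for interval in (1, 24, 168):
        n, hit = simulate(THREATS, interval, 168)
        print(f"interval={interval:>3}h downloads={n:>3} infections={hit}")
```

With this sample data, hourly downloads prevent every infection at the cost of 168 downloads, a daily schedule misses the virus that arrives two hours after its dat is released, and a weekly schedule only ever downloads reactively.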
Anti-virus companies or organizations, through the use of electronic mail and websites, may provide warnings pertaining to new viruses. A system or network administrator may generally monitor the warnings to ascertain which viruses pose significant threats to the system he administers. With the large number of viruses currently being developed, ascertaining which virus threats to take seriously and which virus threats may effectively be ignored for the time being may be a nearly impossible task for the network administrator. Reacting to virus threats substantially immediately after the virus threats are announced may be time-consuming and, hence, inefficient, especially if the viruses fail to seriously threaten the system. However, failing to react to the virus threats substantially immediately after the virus threats are announced may result in a virus infecting the system before appropriate dats and/or drivers are applied.
Relying substantially on only information provided in virus alerts to assess the risk posed by viruses may not be sufficient, as some viruses characterized as being relatively “minor” may actually cause significant problems in specific types of networks. That is, a virus that may pose only a minor threat to one system may pose a substantial threat to another system.
Therefore, what is needed is an efficient method and apparatus for assessing the risk of a virus to a particular system. That is, what is desired is a method and an apparatus that analyzes the types of infections that a system or organization has had in the past, and warns a network administrator of new viruses which are similar to viruses that have previously caused significant infections within the system.